IT Risk

Bachelor's or Master's degree.
At least 8 years of experienced.
IT risk management, IT governance, IT compliance.
Develop and maintain the organisation s IT risk & compliance management framework, in accordance with good practices and present to the executive management team.
Establish and maintain effective relationships with key stakeholders, including business leaders, IT teams, and external auditors, to ensure that IT risk and compliance programs are aligned with business objectives and risks are appropriately identified, assessed, and managed.
Lead the organisation s risk assessment process, identifying and analysing IT risks, evaluating the effectiveness of existing controls, and developing risk mitigation strategies.
Develop and implement IT compliance programs, ensuring that the organisation is in compliance with relevant regulations and standards such as ISO 27001, NIST, and PDPA.
Lead the implementation of the organisation s IT governance framework, ensuring that IT policies and procedures are aligned with business objectives and regulatory requirements.
Provide guidance and training to the organisation s employees on risk and compliance issues, promoting a culture of risk awareness and responsibility.
Work with the IT teams to identify, assess, and manage vendor risks, ensuring that third-party suppliers comply with the organisation s security and privacy requirements.
Monitor the effectiveness of IT risk and compliance programs, identifying areas for improvement and implementing best practices to enhance the organisation s security posture.
Report to the executive management team, Internal Audit Office, Risk Management Committee, and Cybersecurity Committee (CSC) on the effectiveness of IT risk and compliance programs, including key risk indicators and compliance metrics.

**Qualifications**:
Bachelor's or Master's degree in Computer Science, Information Technology, Business Administration, or related fields.
At least 8 years of experience in IT risk management, IT governance, or IT compliance, with a proven track record of success in managing risk and compliance in complex organisations.
Certification in IT risk management, IT governance, or IT compliance (e.g., CRISC, CISA, CISM, CISSP, CGRC, ISO 27001 Lead Auditor, GDPR Practitioner) is strongly preferred.
Strong understanding of IT risk management frameworks and standards.
Excellent Communication skills, Analytical and Problem-solving skills.

**Job skills required**: Internal Audit, Compliance, ISO 27001